View Full Version : Laptop infected with Virus
rayoflight
2010-05-15, 22:52
My Laptop is infected with virus. I had McAfee but it was just hanging so I uninstalled it completely and bought Norton 360. Norton did some clean up but the laptop is still slow and hanging after 20 or 30 minutes.
Please help...
Hi,
Is this different system from the one in this topic (http://forums.spybot.info/showthread.php?t=57181)?
rayoflight
2010-05-20, 02:26
Hi Blade,
Yes it is a different system than the one in the topic.
Thanks,
Rayoflight
Ok. Let's have a look at it then.
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
rayoflight
2010-05-21, 03:43
DDS couldn't execute upon trying. I am posting the GMER Log.
Hi,
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
rayoflight
2010-05-23, 18:36
OTL logfile created on: 5/23/2010 10:10:32 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LT
Current User Name: LT
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (MSK80Service) -- File not found
SRV - (MpfService) -- File not found
SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (McProxy) -- File not found
SRV - (McODS) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Service1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe (Mercury Interactive)
SRV - (LogonService1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe (Mercury Interactive)
SRV - (OtaPool) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe (Mercury Interactive)
SRV - (ExpressionService) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe ()
SRV - (TDStartStopService) -- C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe (Mercury Interactive)
SRV - (SiteScope) -- C:\Inetpub\TDBIN\SiteScope\tools\sitescopeservice.exe ()
SRV - (MSSQLSERVER) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (CheckTestDirectorUserAccount) -- C:\Program Files\Common Files\Mercury Interactive\CheckU.exe (Mercury Interactive)
SRV - (TomcatService) -- C:\Inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe ()
========== Driver Services (SafeList) ==========
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\naveng.sys (Symantec Corporation)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (paldrv) -- C:\WINDOWS\system32\pal_drv.sys (Mercury Interactive Corp.)
DRV - (PID_0900_V) Logitech ClickSmart 310(PID_0900_V) -- C:\WINDOWS\system32\drivers\LV551AV.sys (Logitech Inc.)
DRV - (LVBulk) -- C:\WINDOWS\system32\drivers\LVBULK.sys (Logitech Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "JobSearch - Dice.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6030.2009.0514.2202
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6030.2009.0514.2205
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.2.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 16:26:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:13:29 | 000,000,000 | ---D | M]
[2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions
[2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/05/02 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions
[2010/01/10 12:53:19 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/08/20 22:14:11 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009/08/13 18:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/10 12:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/20 22:15:29 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/01/10 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com
[2009/02/11 16:27:36 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\jobsearch---dicecom.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\MySpace.xml
[2010/05/01 20:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 20:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/03/06 13:06:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/03/06 13:06:02 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/03/06 13:07:42 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2008/02/07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/06/24 11:08:26 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2007/03/16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2009/03/06 13:06:14 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/02/07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/02/07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
O1 HOSTS File: ([2010/04/29 19:21:23 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\LT\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] https in Trusted sites)
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab (HPVirtualRooms33 Class)
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://LT/TDBIN/Spider80.ocx (Loader Class v2)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://vpn.amtrak.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.amtrak.com/vdesk/terminal/urxvpn.cab#version=6030,2009,514,2217 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://10.11.50.178/qcbin/capicom.dll (Certificates Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.amtrak.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://mssepmapp01/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.amtrak.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0514,2204 (F5 Networks Policy Agent Host Class)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} http://LT:8080/qcbin/Spider90.ocx (Loader Class v3)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://mssepmapp01/projectserver/objects/1033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://10.11.50.178/qcbin/Spider91.cab (Loader Class v4)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.amtrak.com/vdesk/terminal/urxshost.cab#version=6030,2009,514,2210 (F5 Networks SuperHost Class)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://vpn.amtrak.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0514,2213 (F5 Networks OS Policy Agent)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell - "" = AutoRun
O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 19:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
rayoflight
2010-05-23, 18:37
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010/05/23 10:06:49 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
[2010/05/04 22:11:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 22:11:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 20:31:14 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/04 20:31:13 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/04 20:31:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/04 20:31:10 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/04 20:31:07 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/04 20:31:07 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/04 20:31:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 20:30:46 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/04 20:30:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/04 20:29:50 | 000,000,000 | ---D | C] -- C:\Anti_Virus_SW
[2010/05/04 19:16:08 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.sys
[2010/05/04 19:16:08 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdi.sys
[2010/05/04 19:16:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdiv.sys
[2010/05/04 19:16:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.sys
[2010/05/04 19:16:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.sys
[2010/05/04 19:16:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.sys
[2010/05/04 19:16:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\Ironx86.sys
[2010/05/04 19:16:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.sys
[2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0401000.020
[2010/05/04 19:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/05/04 19:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/02 12:39:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/01 21:12:39 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/01 21:12:39 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/01 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/05/01 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/01 21:07:05 | 000,408,024 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
[2010/05/01 20:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/01 20:13:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/01 20:13:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/01 18:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/01 18:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/01 11:35:15 | 000,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/01 11:35:10 | 000,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 000,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/01 11:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/01 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/05/01 10:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\ARManager
[2010/05/01 10:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
[2008/02/23 01:27:34 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/23 09:50:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 09:48:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 09:48:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
[2010/05/20 20:34:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
[2010/05/20 20:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
[2010/05/20 20:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LT\Local Settings\Application Data\WavXMapDrive.bat
[2010/05/20 20:27:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/20 20:26:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 20:20:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
[2010/05/20 20:20:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\dds.com
[2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/05/05 07:54:28 | 006,766,592 | ---- | M] () -- C:\Documents and Settings\LT\ntuser.dat
[2010/05/05 07:54:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\LT\ntuser.ini
[2010/05/04 22:11:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 20:31:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 20:31:08 | 000,002,674 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 19:16:57 | 001,205,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/04 19:16:22 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/04 19:16:22 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/04 19:16:22 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/04 19:16:11 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/04 19:15:04 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
[2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/03 00:56:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/03 00:33:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/01 21:07:08 | 000,408,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
[2010/05/01 20:50:26 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/01 20:50:26 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/01 16:37:53 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Google Chrome.lnk
[2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/01 11:35:15 | 000,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 027,321,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/01 11:34:44 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/01 11:34:44 | 000,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/01 11:34:44 | 000,106,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/29 12:21:48 | 002,278,402 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
[2010/04/29 12:21:41 | 003,001,127 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
[2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/26 13:16:22 | 000,003,844 | -H-- | M] () -- C:\Documents and Settings\LT\My Documents\Default.rdp
[2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/20 20:28:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\dds.com
[2010/05/20 20:28:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
[2010/05/04 22:11:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 20:31:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 19:16:37 | 001,205,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/05/04 19:16:11 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/04 19:15:49 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.inf
[2010/05/04 19:15:49 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.inf
[2010/05/04 19:15:49 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNetV.inf
[2010/05/04 19:15:49 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.inf
[2010/05/04 19:15:49 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.inf
[2010/05/04 19:15:49 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.inf
[2010/05/04 19:15:49 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Iron.inf
[2010/05/04 19:15:48 | 000,001,754 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\ccHPx86.inf
[2010/05/04 19:15:46 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\symnetv.cat
[2010/05/04 19:15:46 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.cat
[2010/05/04 19:15:46 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.cat
[2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.cat
[2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\iron.cat
[2010/05/04 19:15:46 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.cat
[2010/05/04 19:15:46 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.cat
[2010/05/04 19:15:46 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.cat
[2010/05/04 19:15:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\isolate.ini
[2010/05/01 21:12:39 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/01 21:12:39 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/01 21:07:33 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
[2010/05/01 19:39:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/01 19:39:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/01 11:34:44 | 027,321,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 11:34:44 | 000,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/01 11:34:44 | 000,106,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/05/01 11:34:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/01 10:12:53 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/04/29 12:21:48 | 002,278,402 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
[2010/04/29 12:21:41 | 003,001,127 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
[2010/04/26 11:49:24 | 006,766,592 | ---- | C] () -- C:\Documents and Settings\LT\ntuser.dat
[2009/08/20 22:22:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/06/15 12:44:53 | 000,001,106 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/12/22 21:53:01 | 000,004,534 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/08/21 14:17:27 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/08/21 14:16:07 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2008/08/21 14:16:07 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2008/08/21 14:16:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2008/08/21 14:16:07 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/08/21 14:16:05 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/04/12 15:54:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\isapi_redirect.dll
[2008/04/12 15:46:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/12 15:46:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/12 15:45:56 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/12 15:45:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/12 15:45:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/09 14:29:37 | 000,000,204 | ---- | C] () -- C:\WINDOWS\coparamui.INI
[2008/03/09 14:14:25 | 000,000,686 | ---- | C] () -- C:\WINDOWS\LRAnalysis80.ini
[2008/03/09 13:46:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\OnlineSet.ini
[2008/03/09 13:46:05 | 000,000,242 | ---- | C] () -- C:\WINDOWS\wlrun5.ini
[2008/03/09 13:46:02 | 000,003,170 | ---- | C] () -- C:\WINDOWS\wlrun7.ini
[2008/03/09 11:06:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\vugen_extra_keywords.ini
[2008/03/07 14:36:37 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\cfgams32.dll
[2008/03/07 14:07:34 | 000,005,382 | ---- | C] () -- C:\WINDOWS\vugen.ini
[2008/03/07 14:06:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\lrdata.ini
[2008/03/07 14:06:29 | 000,000,082 | ---- | C] () -- C:\WINDOWS\upload.ini
[2008/03/07 14:06:15 | 000,000,637 | ---- | C] () -- C:\WINDOWS\flights.ini
[2008/03/07 14:06:11 | 000,000,600 | ---- | C] () -- C:\WINDOWS\miccomm.ini
[2008/03/05 15:41:58 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/03/02 17:19:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/03/01 14:56:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI
[2008/02/23 01:43:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/02/23 01:33:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/02/23 01:33:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/02/23 01:28:30 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wlrun.ini
[2008/02/23 01:27:44 | 000,008,231 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/02/23 01:27:35 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/02/23 01:27:35 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/02/23 01:27:35 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/02/23 01:27:34 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/02/23 00:50:26 | 000,002,281 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/02/14 01:05:18 | 000,000,707 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/07 10:15:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/07 10:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/07 10:09:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/07 09:59:40 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/07 09:57:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/07 09:57:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/07 09:53:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/07 09:53:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/07 09:31:31 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/07 09:31:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/02/07 09:28:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/04/20 09:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 09:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/04/19 19:50:00 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\SovConvAux.Dll
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\i064tai.dll
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/11 19:00:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\yr4y7xl.dll
[2004/08/11 19:00:18 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/11 19:00:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\r5581gd.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\oeu5a2j.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\f06y75p.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bmiqa8g.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/04/01 02:00:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\carclw6s.DLL
[1999/11/05 20:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cfgamp32.dll
[1999/11/05 20:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\cfgamp16.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/05/01 20:49:43 | 000,086,460 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/12 23:34:03 | 000,053,248 | ---- | M] () -- C:\Avail QC Hours.xls
[2009/12/22 23:30:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/22 22:06:15 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2008/02/07 09:33:28 | 000,006,623 | RH-- | M] () -- C:\dell.sdr
[2008/11/29 01:58:20 | 000,035,725 | ---- | M] () -- C:\font.zip
[2008/02/15 20:22:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/06/15 16:44:21 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
[2008/08/21 14:14:42 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2010/05/01 19:41:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/09/25 13:30:52 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2006/09/25 13:30:52 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
[2008/08/12 23:30:06 | 001,266,432 | ---- | M] () -- C:\Misc.zip
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/09/25 13:30:54 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
[2009/02/08 19:38:41 | 000,000,104 | ---- | M] () -- C:\My Computer.lnk
[2009/06/12 09:05:55 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg
[2009/06/11 21:27:50 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg.bak
[2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newkey
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/31 22:40:49 | 000,250,032 | ---- | M] () -- C:\ntldr
[2010/05/23 09:47:47 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/01 16:10:54 | 000,000,504 | ---- | M] () -- C:\rkill.log
[2009/01/03 14:39:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/01 03:05:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/01 23:38:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/02 02:32:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/02 21:23:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/17 21:13:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/17 22:26:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/17 23:23:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/08 03:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/09 15:39:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/10 01:47:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/11 01:41:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/11 18:25:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/12 00:36:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/13 02:50:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/14 03:25:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/14 12:17:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/01 00:30:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/15 16:42:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/16 00:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/01/03 14:39:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/01 03:05:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/01 23:38:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/02 02:32:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/02 21:23:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/17 21:13:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/17 22:26:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/17 23:23:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/08 03:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/09 15:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/10 01:47:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/11 01:41:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/11 18:25:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/12 00:36:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/13 02:50:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/14 03:25:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/14 12:17:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/01 00:30:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/15 16:42:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/16 00:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/08/21 15:36:30 | 000,000,158 | ---- | M] () -- C:\YServer.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
< End of report >
rayoflight
2010-05-23, 18:39
OTL Extras logfile created on: 5/23/2010 10:10:32 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and
Settings\LT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type =
NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:
M/d/yyyy
1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory |
77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File
free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Files
Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free |
Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LT
Current User Name: LT
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe"
%1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft
Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%
\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --
started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --
started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft
Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft
Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5030:TCP" = 5030:TCP:*:Enabled:Services
"3265:TCP" = 3265:TCP:*:Enabled:Services
"6374:TCP" = 6374:TCP:*:Enabled:Services
"3937:TCP" = 3937:TCP:*:Enabled:Services
"5089:TCP" = 5089:TCP:*:Enabled:Services
"8678:TCP" = 8678:TCP:*:Enabled:Services
"3356:TCP" = 3356:TCP:*:Enabled:Services
"5212:TCP" = 5212:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:DCOM
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"37677:TCP" = 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP" = 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP" = 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5030:TCP" = 5030:TCP:*:Enabled:Services
"3265:TCP" = 3265:TCP:*:Enabled:Services
"6374:TCP" = 6374:TCP:*:Enabled:Services
"3937:TCP" = 3937:TCP:*:Enabled:Services
"5089:TCP" = 5089:TCP:*:Enabled:Services
"8678:TCP" = 8678:TCP:*:Enabled:Services
"3356:TCP" = 3356:TCP:*:Enabled:Services
"5212:TCP" = 5212:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN
Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) --
(Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643
-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and
Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643-C398-46ec-9339-
2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Mercury Interactive\QuickTest
Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury
Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote
Agent -- (Mercury Interactive Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger --
(Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!
\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program
Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office
FrontPage -- (Microsoft Corporation)
"C:\Program Files\Mercury Interactive\Mercury
LoadRunner\launch_service\bin\magentproc.exe" = C:\Program Files\Mercury
Interactive\Mercury
LoadRunner\launch_service\bin\magentproc.exe:*:Disabled:Mercury Launcher
Process -- (Mercury Interactive Corp.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program
Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program
Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application --
(www.sopcast.com)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program
Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN
Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) --
(Microsoft Corporation)
"C:\Documents and Settings\LT\Application Data\Macromedia\Flash
Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and
Settings\LT\Application Data\Macromedia\Flash
Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape
add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla
Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google
Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\LT\Local
Settings\Application Data\Google\Google Talk
Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google
Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\LT\Local
Settings\Application Data\Google\Google Talk
Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel
Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- File not found
"C:\Documents and Settings\LT\Application Data\mjusbsp\magicJack.exe" =
C:\Documents and Settings\LT\Application
Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program
Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP
Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program
Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent --
File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program
Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- File not
found
"C:\Documents and Settings\LT\Application Data\Juniper Networks\Juniper
Terminal Services Client\dsTermServ.exe" = C:\Documents and
Settings\LT\Application Data\Juniper Networks\Juniper Terminal Services
Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper
Networks)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" =
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance
- Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program
Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program
Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove
only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet
Explorer
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management
Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express
Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0
Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting
PayPal Addin
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{439C01D2-84A2-4421-9141-ED58FE79C6BE}" =
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed
Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native
Client
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup
Support Files (English)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5C01F86B-B888-4ABE-96AF-E35BF6564A19}" = Quest Software Toad for SQL
Server Trial 4.1
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP
Payroll Addin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting
Equifax Addin
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional
Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007
Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web
Components
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1528C5E-73E8-441E-8114-3811B4D34F41}" = Expense Calculator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0
Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business
Connectivity Components
"{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave
Systems
"{AC3D865A-0D8C-43C0-8BA7-7EC2D34BFBFE}" = Quality Center Microsoft Excel
Addin
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B47695F0-1082-11D5-AF69-00A0CC5FEE7C}" = MercuryTours
"{BD1EDA57-8294-47B7-B129-C3DF2FA95BA4}" = InstallMICGenericHook
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0
Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client
4.8.01.0300
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for
Firefox/Netscape/Chrome
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop
Engine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client
- Web Only
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor
Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave
Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime -
(v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++
2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Celtx (2.7)" = Celtx (2.7)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330
MDC V.92 Modem
"Cricket Scorer_is1" = Cricket Scorer 5.5.4.0
"FileZilla Client" = FileZilla Client 3.3.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation
APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support
Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information
Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager
Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security
Setup
"InstallShield_{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest
Professional
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page
Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security
Center
"LoadRunner" = Mercury LoadRunner 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame
Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting
Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting
PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"oovooToolbar" = ooVoo Toolbar
"P2P Tv Plugin_is1" = P2P Tv Plugin
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"SiteScope1DeinstKey" = SiteScope
"Slideroll Gallery AV_is1" = Slideroll Gallery AV 0.92b4
"Slideroll Video Creator_is1" = Slideroll Video Creator 0.83b
"SopCast" = SopCast 3.0.1
"SPVOD Player1.8" = SPVOD Player1.8
"ST6UNST #1" = cBizOne
"TeamViewer 4" = TeamViewer 4
"TestDirector 8.0" = TestDirector 8.0
"UnifiedReport" = Unified Report
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"WampServer 2_is1" = WampServer 2.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinRunner" = WinRunner
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash
Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/15/2010 4:54:25 PM | Computer Name = LT | Source = Google Update |
ID = 20
Description =
Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {7B849a69-
220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {CF7639F3-
ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {7B849a69-
220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {CF7639F3-
ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:57 PM | Computer Name = LT | Source = Broadcom ASF IP
and SMBIOS Mailbox Monitor | ID = 0
Description =
Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {7B849a69-
220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {CF7639F3-
ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:28:06 PM | Computer Name = LT | Source = Google Update |
ID = 20
Description =
Error - 5/20/2010 8:34:06 PM | Computer Name = LT | Source = Google Update |
ID = 20
Description =
[ System Events ]
Error - 5/4/2010 8:12:43 PM | Computer Name = LT | Source = DCOM | ID =
10020
Description = The machine wide Default Launch and Activation security
descriptor
is invalid. It contains Access Control Entries with permissions that are
invalid.
The requested action was therefore not performed. This security permission
can
be corrected using the Component Services administrative tool.
Error - 5/12/2010 10:32:16 AM | Computer Name = LT | Source = DCOM | ID =
10020
Description = The machine wide Default Launch and Activation security
descriptor
is invalid. It contains Access Control Entries with permissions that are
invalid.
The requested action was therefore not performed. This security permission
can
be corrected using the Component Services administrative tool.
Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID =
23
Description = Printer Microsoft XPS Document Writer failed to initialize
because
a suitable Microsoft XPS Document Writer driver could not be found.
Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID =
23
Description = Printer WebEx Document Loader failed to initialize because a
suitable
HP Color LaserJet 4700 PCL 5c driver could not be found.
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the
following error:
%%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the
following
error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the
following
error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to
the following
error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start
due to
the following error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Anti-Spam Service service failed to start due to
the following
error: %%3
< End of report >
Hi,
Kindly turn word wrap off in notepad to make logs appear in more readable format.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include contents of the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
See if you're able to run DDS now and post back contents of dds.txt log if possible.
rayoflight
2010-05-23, 21:07
Hi Blade,
Please delete the above 3 posts as I forgot to uncheck the word wrap. Posting the logs again without word wrap.
Cheers,
Rayoflight
rayoflight
2010-05-23, 21:08
ComboFix 10-05-22.03 - LT 05/23/2010 13:29:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.545 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
c:\documents and settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800\enemies-names.txt
c:\documents and settings\LT\Application Data\ARManager
c:\documents and settings\LT\Application Data\ARManager\languages\Czech.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Danish.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Dutch.lng
c:\documents and settings\LT\Application Data\ARManager\languages\English.lng
c:\documents and settings\LT\Application Data\ARManager\languages\French.lng
c:\documents and settings\LT\Application Data\ARManager\languages\German.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Italian.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Portuguese.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Slovak.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Spanish.lng
c:\documents and settings\LT\Application Data\ARManager\languages\template.lng
c:\documents and settings\LT\Application Data\ARManager\wallpaper.jpg
c:\documents and settings\LT\Application Data\JuniperSetup.exe
c:\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat
c:\documents and settings\LT\g2mdlhlpx.exe
c:\program files\INSTALL.LOG
c:\windows\regsvr32.exe
c:\windows\system32\Cache
c:\windows\system32\vb40032.dll
Infected copy of c:\windows\system32\drivers\wmiacpi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.
2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 17:48 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5030:TCP"= 5030:TCP:Services
"3265:TCP"= 3265:TCP:Services
"6374:TCP"= 6374:TCP:Services
"3937:TCP"= 3937:TCP:Services
"5089:TCP"= 5089:TCP:Services
"8678:TCP"= 8678:TCP:Services
"3356:TCP"= 3356:TCP:Services
"5212:TCP"= 5212:TCP:Services
"2398:TCP"= 2398:TCP:Services
"3296:TCP"= 3296:TCP:Services
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
R2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
R2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
R2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
R2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
R2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 13:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8632C228]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7534fc3
\Driver\ACPI -> ACPI.sys @ 0xf73c7cb8
\Driver\atapi -> 0x8632c228
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x8639e5c0
PacketIndicateHandler -> NDIS.sys @ 0xf7220a0b
SendHandler -> NDIS.sys @ 0xf7234b31
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\windows\system32\OEM_Resources.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
c:\windows\system32\ATSC70.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll
- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll
c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
c:\windows\system\tfmessbsp.dll
- - - - - - - > 'Explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\inetpub\TDBIN\SiteScope\java\bin\java.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\inetpub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-05-23 13:56:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-23 17:56
Pre-Run: 77,760,942,080 bytes free
Post-Run: 77,737,537,536 bytes free
- - End Of File - - 8627318145D9FF863F7BA43D246510D8
rayoflight
2010-05-23, 21:10
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/13/2008 11:51:22 PM
System Uptime: 5/23/2010 1:46:43 PM (1 hours ago)
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1995/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 72.438 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
==== System Restore Points ===================
RP332: 2/2/2010 9:26:04 PM - System Checkpoint
RP333: 2/4/2010 9:14:22 PM - System Checkpoint
RP334: 2/8/2010 11:51:24 AM - System Checkpoint
RP335: 2/9/2010 3:45:41 PM - Restore Operation
RP336: 2/10/2010 6:30:20 PM - System Checkpoint
RP337: 2/11/2010 1:00:39 PM - Installed Citrix Presentation Server Client - Web Only
RP338: 2/12/2010 8:46:33 PM - System Checkpoint
RP339: 2/13/2010 1:03:59 AM - Software Distribution Service 3.0
RP340: 2/15/2010 1:32:54 PM - System Checkpoint
RP341: 2/16/2010 1:54:20 PM - System Checkpoint
RP342: 2/16/2010 10:56:55 PM - Software Distribution Service 3.0
RP343: 2/18/2010 3:49:46 PM - Restore Operation
RP344: 2/20/2010 10:57:18 AM - System Checkpoint
RP345: 2/21/2010 9:37:39 PM - System Checkpoint
RP346: 2/25/2010 8:46:14 AM - System Checkpoint
RP347: 2/27/2010 6:12:41 PM - System Checkpoint
RP348: 3/1/2010 9:58:45 PM - System Checkpoint
RP349: 3/2/2010 7:37:07 PM - Software Distribution Service 3.0
RP350: 3/3/2010 8:20:42 PM - System Checkpoint
RP351: 3/6/2010 3:04:13 PM - System Checkpoint
RP352: 3/10/2010 12:53:19 PM - System Checkpoint
RP353: 3/11/2010 8:39:35 PM - System Checkpoint
RP354: 3/12/2010 9:57:42 PM - Software Distribution Service 3.0
RP355: 3/13/2010 10:28:06 AM - Restore Operation
RP356: 3/14/2010 5:26:16 AM - Software Distribution Service 3.0
RP357: 3/17/2010 10:12:57 PM - System Checkpoint
RP358: 3/28/2010 2:27:43 PM - System Checkpoint
RP359: 4/3/2010 7:38:36 PM - System Checkpoint
RP360: 4/4/2010 8:53:09 PM - System Checkpoint
RP361: 4/5/2010 9:22:31 PM - System Checkpoint
RP362: 4/5/2010 10:09:46 PM - Software Distribution Service 3.0
RP363: 4/10/2010 6:51:25 PM - System Checkpoint
RP364: 4/11/2010 10:00:47 PM - System Checkpoint
RP365: 4/14/2010 11:24:43 AM - System Checkpoint
RP366: 4/17/2010 11:36:32 AM - System Checkpoint
RP367: 4/18/2010 1:31:33 PM - System Checkpoint
RP368: 4/19/2010 11:23:11 PM - Software Distribution Service 3.0
RP369: 4/26/2010 11:49:29 AM - System Checkpoint
RP370: 5/1/2010 9:51:33 AM - Software Distribution Service 3.0
RP371: 5/1/2010 10:53:53 AM - Restore Operation
RP372: 5/1/2010 11:33:48 AM - Installed AVG Free 8.0
RP373: 5/1/2010 6:54:28 PM - Installed AVG 9.0
RP374: 5/1/2010 8:12:53 PM - Installed Java(TM) 6 Update 20
RP375: 5/1/2010 8:20:09 PM - Installed AVG 9.0
RP376: 5/4/2010 8:30:35 PM - avast! Free Antivirus Setup
==== Installed Programs ======================
Ad-Aware
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
biolsp patch
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
cBizOne
Celtx (2.7)
Cisco Systems VPN Client 4.8.01.0300
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Cricket Scorer 5.5.4.0
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
Expense Calculator
Facebook Plug-In
FileZilla Client 3.3.1
Final Draft 7
Gemalto
GemSafe Standard Edition 5.1
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
GoToMeeting 4.0.0.320
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB937930)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
InstallMICGenericHook
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Juniper Citrix Services Client
Juniper Terminal Services Client
Logitech Desktop Messenger
Logitech ImageStudio
Malwarebytes' Anti-Malware
Mercury LoadRunner 8.0
MercuryTours
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Script Debugger
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MySpaceIM
NetWaiting
NTRU TCG Software Stack
Octoshape add-in for Adobe Flash Player
ooVoo Toolbar
P2P Tv Plugin
PowerDVD
Preboot Manager
Private Information Manager
Quality Center Microsoft Excel Addin
Quest Software Toad for SQL Server Trial 4.1
QuickSet
QuickTest Professional
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Secure Update
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Wizards
SigmaTel Audio
SiteScope
Skype™ 4.0
Slideroll Gallery AV 0.92b4
Slideroll Video Creator 0.83b
Sonic Activation Module
SopCast 3.0.1
SPVOD Player1.8
TeamViewer 4
TestDirector 8.0
Trusted Drive Manager
tsp patch
Unified Report
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
WampServer 2.0
Wave Infrastructure Installer
Wave Support Software
WebEx
WebEx Meeting Manager for Firefox/Netscape/Chrome
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinRunner
Yahoo! BrowserPlus 2.7.1
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
5/23/2010 9:49:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswSP aswTdi BHDrvx86 ccHP Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 12:45:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP MPFP SymDS SymEFA SymIRON
5/23/2010 12:45:34 PM, error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:02 PM, error: Print [23] - Printer WebEx Document Loader failed to initialize because a suitable HP Color LaserJet 4700 PCL 5c driver could not be found.
5/23/2010 12:45:02 PM, error: Print [23] - Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.
5/23/2010 12:45:02 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/23/2010 12:45:02 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/23/2010 12:44:58 PM, error: DCOM [10020] - The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
5/23/2010 12:43:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/23/2010 12:32:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/23/2010 12:30:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/23/2010 1:19:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP MPFP SRTSPX SymDS SymEFA SymIRON SYMTDI
5/23/2010 1:14:51 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:14:51 PM, error: Service Control Manager [7034] - The ExpressionService service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:14:50 PM, error: Service Control Manager [7034] - The SiteScope service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:14:50 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:11:30 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/20/2010 8:27:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MPFP
==== End Of File ===========================
rayoflight
2010-05-23, 21:10
DDS (Ver_10-03-17.01) - NTFSx86
Run by at 14:01:07.90 on Sun 05/23/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.460 [GMT -4:00]
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
C:\PROGRA~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
C:\InetPub\TDBIN\SITESC~1\tools\SITESC~1.EXE
C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\InetPub\TDBIN\SiteScope\java\bin\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe
C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
C:\WINDOWS\system32\dllhost.exe
C:\InetPub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Documents and Settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\LT\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: BHOManager Class: {474264bc-9571-47c1-85b9-780f756dc9ce} - c:\windows\system32\BHOManager.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [cdloader] "c:\documents and settings\LT\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\LT\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: amtrak.com\vpn
DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://vpn.amtrak.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.amtrak.com/vdesk/terminal/urxvpn.cab#version=6030,2009,514,2217
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.11.50.178/qcbin/capicom.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.amtrak.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://vpn.amtrak.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0514,2204
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.amtrak.com/vdesk/terminal/urxshost.cab#version=6030,2009,514,2210
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://vpn.amtrak.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0514,2213
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} -
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll
LSA: Authentication Packages = msv1_0 wvauth
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\logiqa~1\applic~1\mozilla\firefox\profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{3191e4ce-790e-42be-b2e0-223475263b7e}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-4 162768]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-4 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
R2 ExpressionService;ExpressionService;c:\program files\common files\mercury interactive\tdapiserver\ExpService.exe [2008-4-12 532548]
R2 LogonService1;LogonService1;c:\program files\common files\mercury interactive\tdapiserver\LogonService1.exe [2008-4-12 86016]
R2 OtaPool;OtaPool;c:\program files\common files\mercury interactive\tdapiserver\OTAPool.exe [2008-4-12 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2008-2-23 10951]
R2 SiteScope;SiteScope;c:\inetpub\tdbin\sitesc~1\tools\SITESC~1.EXE [2008-4-12 45056]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\common files\mercury interactive\TDStartStop.exe [2008-4-12 1452032]
R2 TomcatService;TomcatService;c:\inetpub\tdbin\mtours\jakarta-tomcat-3.3\bin\TomcatService.exe [2008-4-12 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2009-3-31 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys --> c:\windows\system32\drivers\n360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys --> c:\windows\system32\drivers\n360\0401000.020\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-5-4 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2010-5-4 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\Ironx86.sys [2010-5-4 116784]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 N360;Norton 360;c:\program files\norton 360\engine\4.1.0.32\ccSvcHst.exe [2010-5-4 126392]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\common files\mercury interactive\CheckU.exe [2008-4-12 342528]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20091105.001\IDSxpx86.sys [2010-5-4 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-4 38224]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-9 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-9 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-9 40552]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100501.002\naveng.sys [2010-5-4 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100501.002\navex15.sys [2010-5-4 1324720]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2008-8-21 220079]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
UnknownUnknown vkquwexg;vkquwexg; [x]
=============== Created Last 30 ================
2010-05-23 16:33:26 98816 ----a-w- c:\windows\sed.exe
2010-05-23 16:33:26 77312 ----a-w- c:\windows\MBR.exe
2010-05-23 16:33:26 256512 ----a-w- c:\windows\PEV.exe
2010-05-23 16:33:26 161792 ----a-w- c:\windows\SWREG.exe
2010-05-05 02:11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-05 00:29:50 0 d-----w- C:\Anti_Virus_SW
2010-05-04 23:16:08 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16:08 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16:08 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:16:08 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:15:46 0 d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15:44 0 d-----w- c:\program files\Norton 360
2010-05-04 23:15:36 0 d-----w- c:\program files\NortonInstaller
2010-05-02 01:12:39 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-02 01:12:39 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 01:12:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12:39 0 d-----w- c:\program files\Symantec
2010-05-02 01:12:39 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-02 01:11:36 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-05-02 01:07:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-05-02 00:13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39:39 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39:39 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 23:02:53 0 ----a-w- c:\windows\system32\commonpriv.log.lock
2010-05-01 22:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-01 22:54:07 0 d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35:15 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35:10 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:34:40 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33:54 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2010-05-01 14:57:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-01 14:14:49 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
==================== Find3M ====================
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-05 19:02:04 456704 ----a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
============= FINISH: 14:01:16.31 ===============
Hi,
Please run ComboFix again and let it install recovery console. Post back the results.
rayoflight
2010-05-24, 01:56
Blade,
Can you please delete posts # 11, 12 & 13
Thank You,
Rayoflight
rayoflight
2010-05-24, 02:35
ComboFix 10-05-22.03 - LT 05/23/2010 19:17:09.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.780 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LT\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.
2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 22:10 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Aim6"="" [BU]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5030:TCP"= 5030:TCP:Services
"3265:TCP"= 3265:TCP:Services
"6374:TCP"= 6374:TCP:Services
"3937:TCP"= 3937:TCP:Services
"5089:TCP"= 5089:TCP:Services
"8678:TCP"= 8678:TCP:Services
"3356:TCP"= 3356:TCP:Services
"5212:TCP"= 5212:TCP:Services
"2398:TCP"= 2398:TCP:Services
"3296:TCP"= 3296:TCP:Services
"3179:TCP"= 3179:TCP:Services
"4858:TCP"= 4858:TCP:Services
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
S2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
S2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
S2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
S2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
S2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDMXSDK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 19:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(332)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
- - - - - - - > 'explorer.exe'(1672)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-05-23 19:28:43
ComboFix-quarantined-files.txt 2010-05-23 23:28
ComboFix2.txt 2010-05-23 17:56
Pre-Run: 78,803,447,808 bytes free
Post-Run: 78,745,735,168 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - D71B3F980CD649900DF66C4AA10641D0
Hi,
Removed those double posts of yours.
Seems that you installed recovery console meant for XP Home Edition while yours is Professional one. We have to replace wrong console version with a correct one. Follow "Removing the Recovery Console" -part here (http://www.theeldergeek.com/recovery_console.htm). Then install correct recovery console here (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=535d248d-5e10-49b5-b80c-0a0205368124) with ComboFix. Post back ComboFix log.
rayoflight
2010-05-24, 09:12
It is not letting me delete the 'cmdcons' folder.
What do I do?
Go to next step on those console removing instructions.
rayoflight
2010-05-24, 09:36
ComboFix 10-05-22.03 - LT 05/24/2010 2:23.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.715 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LT\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.
2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 22:10 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Aim6"="" [BU]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5030:TCP"= 5030:TCP:Services
"3265:TCP"= 3265:TCP:Services
"6374:TCP"= 6374:TCP:Services
"3937:TCP"= 3937:TCP:Services
"5089:TCP"= 5089:TCP:Services
"8678:TCP"= 8678:TCP:Services
"3356:TCP"= 3356:TCP:Services
"5212:TCP"= 5212:TCP:Services
"2398:TCP"= 2398:TCP:Services
"3296:TCP"= 3296:TCP:Services
"3179:TCP"= 3179:TCP:Services
"4858:TCP"= 4858:TCP:Services
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
S2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
S2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
S2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
S2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
S2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDMXSDK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://LT/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://LT:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 02:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(332)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
- - - - - - - > 'explorer.exe'(1012)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-05-24 02:33:45
ComboFix-quarantined-files.txt 2010-05-24 06:33
ComboFix2.txt 2010-05-23 23:28
ComboFix3.txt 2010-05-23 17:56
Pre-Run: 78,766,923,776 bytes free
Post-Run: 78,736,142,336 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 881D90B170365546FE495AA840696F46
Hi,
Please download HelpAsst_mebroot_fix.exe (http://noahdfear.net/downloads/HelpAsst/HelpAsst_mebroot_fix.exe) and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.
*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.
mbr -f
Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.
**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
rayoflight
2010-05-24, 20:03
C:\Documents and Settings\LT\Desktop\HelpAsst_mebroot_fix.exe
Mon 05/24/2010 at 12:06:07.26
HelpAssistant account is Active ~ attempting to de-activate
Account active Yes
Local Group Memberships *Administrators
HelpAssistant successfully set Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"5030:TCP"=-
"3265:TCP"=-
"6374:TCP"=-
"3937:TCP"=-
"5089:TCP"=-
"8678:TCP"=-
"3356:TCP"=-
"5212:TCP"=-
"2398:TCP"=-
"3296:TCP"=-
"3179:TCP"=-
"4858:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"5030:TCP"=-
"3265:TCP"=-
"6374:TCP"=-
"3937:TCP"=-
"5089:TCP"=-
"8678:TCP"=-
"3356:TCP"=-
"5212:TCP"=-
"2398:TCP"=-
"3296:TCP"=-
"3179:TCP"=-
"4858:TCP"=-
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking mbr ~~
user & kernel MBR OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/24/2010 at 13:00:00.75
Account active No
Local Group Memberships *Administrators
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
HelpAssistant
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
Hi,
Rerun ComboFix (let it update itself) and post back the report.
rayoflight
2010-05-24, 21:25
ComboFix 10-05-22.03 - LT 05/24/2010 14:00:03.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.791 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\kernel32.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.
2010-05-24 16:06 . 2010-05-24 16:06 -------- d-----w- C:\HelpAsst_backup
2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 18:13 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Aim6"="" [BU]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3992:TCP"= 3992:TCP:Services
"6484:TCP"= 6484:TCP:Services
"6289:TCP"= 6289:TCP:Services
"6290:TCP"= 6290:TCP:Services
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
R2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
R2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
R2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
R2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
R2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://LT/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://LT:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 14:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x869F21E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7534fc3
\Driver\ACPI -> ACPI.sys @ 0xf73c7cb8
\Driver\atapi -> 0x869f21e0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x863735c0
PacketIndicateHandler -> NDIS.sys @ 0xf7220a0b
SendHandler -> NDIS.sys @ 0xf7234b31
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\windows\system32\OEM_Resources.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
c:\windows\system32\ATSC70.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll
- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
- - - - - - - > 'Explorer.exe'(4652)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\inetpub\TDBIN\SiteScope\java\bin\java.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
c:\inetpub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-05-24 14:19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 18:19
ComboFix2.txt 2010-05-24 17:42
ComboFix3.txt 2010-05-24 06:33
ComboFix4.txt 2010-05-23 23:28
ComboFix5.txt 2010-05-24 17:58
Pre-Run: 78,735,286,272 bytes free
Post-Run: 77,624,414,208 bytes free
- - End Of File - - 7C0F80514545FD2E87DB73B7FAC8D446
Hi,
Any specific reason why you ran ComboFix in safe mode? Don't have to rerun now, I just wanted to know.
1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter (answer yes for confirmation question):
fixmbr
6. At the next prompt, type the following bolded text, and press Enter:
exit
Windows will now begin loading.
Double-click HelpAsst_mebroot_fix.exe file and follow its prompts. Reboot when done.
After reboot, click Start>Run and type helpasst -mbrt then hit Enter.
Post the new log that opens when it finishes.
rayoflight
2010-05-24, 21:56
Screen froze before I could retrieve the log file so ran combofix in safe mode. Posting the log in few minutes.
rayoflight
2010-05-24, 22:12
C:\Documents and Settings\LT\Desktop\HelpAsst_mebroot_fix.exe
Mon 05/24/2010 at 14:52:52.23
HelpAssistant account Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3992:TCP"=-
"6484:TCP"=-
"6289:TCP"=-
"6290:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3992:TCP"=-
"6484:TCP"=-
"6289:TCP"=-
"6290:TCP"=-
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking mbr ~~
user & kernel MBR OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/24/2010 at 15:08:21.84
Account active No
Local Group Memberships *Administrators
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
HelpAssistant
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
Did you run fixmbr command in recovery console as instructed?
Click Start>Run and type helpasst -folder then hit Enter.
The tool will run and prompt for confirmation to remove any HelpAssistant folders found.
If prompted, restart your computer.
When complete, click Start>Run and type helpasst -mbrt then hit Enter.
Post the new log that opens when it finishes.
rayoflight
2010-05-24, 23:29
Yes I did run fixmbr as instructed.
rayoflight
2010-05-24, 23:38
C:\Documents and Settings\LT\Desktop\HelpAsst_mebroot_fix.exe
Mon 05/24/2010 at 14:52:52.23
HelpAssistant account Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3992:TCP"=-
"6484:TCP"=-
"6289:TCP"=-
"6290:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3992:TCP"=-
"6484:TCP"=-
"6289:TCP"=-
"6290:TCP"=-
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking mbr ~~
user & kernel MBR OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/24/2010 at 15:08:21.84
Account active No
Local Group Memberships *Administrators
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
HelpAssistant
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Folder removal routine ~ Mon 05/24/2010 at 16:29:59.23
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
~~ Checking for HelpAssistant directories ~~
C:\DOCUME~1\HelpAssistant found
backing up C:\DOCUME~1\HelpAssistant
C:\DOCUME~1\HelpAssistant removed
~~ EOF ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/24/2010 at 16:34:56.62
Account active No
Local Group Memberships *Administrators
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
none found
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
rayoflight
2010-05-24, 23:43
This log after I restarted the system. The last log was without restarting the laptop.
----------------------------------------------------------------
C:\Documents and Settings\LT\Desktop\HelpAsst_mebroot_fix.exe
Mon 05/24/2010 at 14:52:52.23
HelpAssistant account Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3992:TCP"=-
"6484:TCP"=-
"6289:TCP"=-
"6290:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3992:TCP"=-
"6484:TCP"=-
"6289:TCP"=-
"6290:TCP"=-
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking mbr ~~
user & kernel MBR OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/24/2010 at 15:08:21.84
Account active No
Local Group Memberships *Administrators
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
HelpAssistant
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Folder removal routine ~ Mon 05/24/2010 at 16:29:59.23
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
~~ Checking for HelpAssistant directories ~~
C:\DOCUME~1\HelpAssistant found
backing up C:\DOCUME~1\HelpAssistant
C:\DOCUME~1\HelpAssistant removed
~~ EOF ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/24/2010 at 16:34:56.62
Account active No
Local Group Memberships *Administrators
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
none found
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
Hi,
Have another run with ComboFix in normal mode after disabling your antivirus software first as instructed. Let ComboFix update itself. Post back the report when ready.
rayoflight
2010-05-25, 07:51
It says the service is stopped but don't know why it is showing running in the logs. Can you post the steps to manually stop the service.
Hi,
If you followed instructions for disabling here (http://www.bleepingcomputer.com/forums/topic114351.html) then that should be enough.
rayoflight
2010-05-25, 17:07
I do not see Norton 360 on the sys tray and unable to open when I double click it.
Installed programs list doesn't show Norton 360 as installed. It's Avast you should disable there. There're Norton related entries there but I don't see anything that indicated active installation (= no Norton processes running).
rayoflight
2010-05-25, 19:41
ComboFix 10-05-22.03 - LT 05/25/2010 12:23:53.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.365 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.
2010-05-24 16:06 . 2010-05-24 20:30 -------- d-----w- C:\HelpAsst_backup
2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 20:54 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-23_23.23.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-24 20:49 . 2010-05-24 20:49 16384 c:\windows\temp\Perflib_Perfdata_4f0.dat
+ 2010-04-26 15:49 . 2010-05-24 20:53 228871 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Aim6"="" [BU]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
R2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
R2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
R2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]
--- Other Services/Drivers In Memory ---
*Deregistered* - MBAMSwissArmy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://LT/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://LT:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 12:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\windows\system32\OEM_Resources.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
c:\windows\system32\ATSC70.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll
- - - - - - - > 'lsass.exe'(1412)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
- - - - - - - > 'Explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-25 12:33:47
ComboFix-quarantined-files.txt 2010-05-25 16:33
ComboFix2.txt 2010-05-24 18:19
ComboFix3.txt 2010-05-24 17:42
ComboFix4.txt 2010-05-24 06:33
ComboFix5.txt 2010-05-25 16:23
Pre-Run: 78,841,131,008 bytes free
Post-Run: 78,780,162,048 bytes free
- - End Of File - - 2FDD62C5B60739451A6761BB2A6DA564
Hi,
Run this (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039) Norton removal tool to get rid of Norton360 remnants. Then run this (http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe) AVG remover to clean its remnants.
Open notepad and copy/paste the text in the quotebox below into it:
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
{E10A9785-9598-4754-B552-92431C1C35F8}
{7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Is Adobe Acrobat used for other duties than pdf conversions?
Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
rayoflight
2010-05-25, 21:59
ComboFix 10-05-22.03 - LT 05/25/2010 14:36:35.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.513 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LT\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat
.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.
2010-05-24 16:06 . 2010-05-24 20:30 -------- d-----w- C:\HelpAsst_backup
2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-02 01:12 . 2010-05-25 18:24 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 18:28 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-23_23.23.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-25 18:28 . 2010-05-25 18:28 16384 c:\windows\temp\Perflib_Perfdata_528.dat
+ 2010-04-26 15:49 . 2010-05-25 18:32 228870 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-04-26 15:49 . 2010-05-23 22:13 228870 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Aim6"="" [BU]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
R2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
R2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
R2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
S2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://LT/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://LT:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 14:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\windows\system32\OEM_Resources.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
c:\windows\system32\ATSC70.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll
- - - - - - - > 'lsass.exe'(1412)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
.
Completion time: 2010-05-25 14:46:39
ComboFix-quarantined-files.txt 2010-05-25 18:46
ComboFix2.txt 2010-05-25 16:33
ComboFix3.txt 2010-05-24 18:19
ComboFix4.txt 2010-05-24 17:42
ComboFix5.txt 2010-05-25 18:34
Pre-Run: 78,983,098,368 bytes free
Post-Run: 78,942,638,080 bytes free
- - End Of File - - 5EBA0005448EA2497B662995AA6F1039
rayoflight
2010-05-25, 22:01
Is Adobe Acrobat used for other duties than pdf conversions?
Used for reading, writing and converting pdfs
As suggested I have uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
rayoflight
2010-05-25, 22:18
I am unable to connect to the Internet to run the scanner.
rayoflight
2010-05-25, 22:34
Got the internet working and the scan is running. Will posted the log as soon as it is completed. Last time I used this tool it took 3-4 hours.
rayoflight
2010-05-26, 02:55
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 25, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 25, 2010 13:22:10
Records in database: 4171357
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 155131
Threats found: 6
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 03:44:55
File name / Threat / Threats count
C:\Documents and Settings\LT\Application Data\Sun\Java\Deployment\cache\6.0\12\6189068c-3a91b8fd Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\LT\Application Data\Sun\Java\Deployment\cache\6.0\47\4934abef-343d448b Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\LT\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5b5aebb9 Infected: Exploit.Java.Agent.f 1
C:\HelpAsst_backup\c\DOCUME~1\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\12\6189068c-3a91b8fd Infected: Exploit.Java.Agent.f 1
C:\HelpAsst_backup\c\DOCUME~1\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\47\4934abef-343d448b Infected: Exploit.Java.Agent.f 1
C:\HelpAsst_backup\c\DOCUME~1\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5b5aebb9 Infected: Exploit.Java.Agent.f 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088192.exe Infected: not-a-virus:FraudTool.Win32.Agent.ara 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088197.dll Infected: Trojan.Win32.FraudPack.apxl 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088198.exe Infected: Trojan.Win32.FraudPack.auka 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088199.exe Infected: Packed.Win32.Katusha.m 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088200.dll Infected: Backdoor.Win32.Agent.ashe 1
Selected area has been scanned.
Hi,
Open notepad and copy/paste the text in the quotebox below into it:
DeQuarantine::
c:\qoobox\quarantine\c\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat.vir
Quit::
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Delete these files:
C:\Documents and Settings\LT\Application Data\Sun\Java\Deployment\cache\6.0\12\6189068c-3a91b8fd
C:\Documents and Settings\LT\Application Data\Sun\Java\Deployment\cache\6.0\47\4934abef-343d448b
C:\Documents and Settings\LT\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5b5aebb9
and this folder:
C:\HelpAsst_backup
Update Avast definitions. How's the system running?
rayoflight
2010-05-27, 02:42
c:\qoobox\quarantine\c\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat.vir -> c:\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat ( 8590 bytes )
I have deleted the 3 files and the HelpAsst_backup folder.
Updating AVAST now and will post the performance shortly.
rayoflight
2010-05-27, 03:12
So far so good. How do we verify if the laptop is now malware/virus free?
Hi,
If symptoms are gone then the chances for cleaned system are pretty good :)
It's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
rayoflight
2010-05-28, 01:50
Blade,
I ran the Kaspersky scanner online before your post and pasting the log here.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, May 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, May 26, 2010 19:16:58
Records in database: 4173539
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 152391
Threats found: 6
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 03:50:53
File name / Threat / Threats count
C:\RECYCLER\S-1-5-21-3727747301-3168930972-3825058957-1005\Dc1 Infected: Exploit.Java.Agent.f 1
C:\RECYCLER\S-1-5-21-3727747301-3168930972-3825058957-1005\Dc3 Infected: Exploit.Java.Agent.f 1
C:\RECYCLER\S-1-5-21-3727747301-3168930972-3825058957-1005\Dc5 Infected: Exploit.Java.Agent.f 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088192.exe Infected: not-a-virus:FraudTool.Win32.Agent.ara 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088197.dll Infected: Trojan.Win32.FraudPack.apxl 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088198.exe Infected: Trojan.Win32.FraudPack.auka 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088199.exe Infected: Packed.Win32.Katusha.m 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP371\A0088200.dll Infected: Backdoor.Win32.Agent.ashe 1
Selected area has been scanned.
Hi,
Empty Windows recycle bin and then follow instructions in my previous post (system restore reset should take care of those other items).
rayoflight
2010-05-30, 19:36
I will post the logs on Tuesday/Wednesday as I am out this weekend.
Ok. Thanks for the heads up.
rayoflight
2010-06-02, 04:54
I have followed your instructions and ran the Kaspersky Scanner again and here is the log file.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 01, 2010 19:25:22
Records in database: 4195511
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 141107
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:40:45
No threats found. Scanned area is clean.
Selected area has been scanned.
rayoflight
2010-06-02, 04:55
Blade,
I would like to Thank You for all your time and help cleaning up my laptop. I will definitely show my gratitude by donating to Spybot :)
Cheers,
Rayoflight
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.